Re: IMAPS and/or openssl problem



Andy Green wrote:

Somebody in the thread at some point said:

telnet <myserver> 993
I just get
Trying <server IP address>
and nothing further, until I type ctrl-C.

Check /var/log/messages to see if anything is logged. The behavior of
telnet sounds like the behavior of openssl. It's probably not the

No, he doesn't even get a tcp connection established. If I telnet to my
IMAP server I see

telnet 192.168.0.xx 993
Trying 192.168.0.xx...
Connected to 192.168.0.xx.
Escape character is '^]'.

I would first confirm that something is still listening on your external
network interface on 993.

Thanks for all the responses.

nmap seems to show that port 993 is open:
=====================================
[tim@martha ~]$ nmap 86.43.71.228

Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-31 02:13 CEST
Interesting ports on 86.43.71.228:
Not shown: 1688 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
993/tcp filtered imaps
1720/tcp filtered H.323/Q.931
2001/tcp open dc
5190/tcp open aol

Nmap finished: 1 IP address (1 host up) scanned in 20.467 seconds
=====================================

But "netstat -anp --tcp" does not show anything listening on 993
=====================================
[tim@martha ~]$ sudo netstat -anp --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      1745/nasd
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN      1637/hpiod
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1878/smbd
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      1654/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1714/sendmail: acce
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1878/smbd
tcp        0      0 127.0.0.1:2207          0.0.0.0:*               LISTEN      1642/python
tcp        0      0 0.0.0.0:33215           0.0.0.0:*               LISTEN      1443/rpc.statd
tcp        0      0 192.168.1.149:34676     86.43.71.228:2001       ESTABLISHED 3298/ssh
tcp        0      0 :::901                  :::*                    LISTEN      1680/xinetd
tcp        0      0 :::111                  :::*                    LISTEN      1422/rpcbind
tcp        0      0 :::22                   :::*                    LISTEN      1668/sshd
tcp        0      0 :::631                  :::*                    LISTEN      1654/cupsd
=====================================

I can telnet 993 on my server without problem:
=====================================
[tim@alfred ~]$ telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
=====================================

And "iptables -L" seems to allow this connection:
=====================================
...
Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:appserv-http
ACCEPT     udp  --  anywhere             anywhere            udp dpt:appserv-http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
Drop       0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:net2fw:DROP:'
DROP       0    --  anywhere             anywhere
...
=====================================

So my best guess is that there is something wrong
with my dovecot configuration.
I "yum remove"d and "yum install"ed dovecot
(and re-edited dovecot.conf),
but that didn't seem to make any difference.

Why not tcpdump it over your ssh session to the server while you try to
connect and see what you can see.

Another more exotic workaround would be, on your local machine

ssh root@myserver -N -L993:localhost:993

while this runs, 993 (the first number) on your local client box will
magically be an encrypted wormhole to port 993 on myserver. Try running
that in one terminal session, and temporarily alter kmail to go look at
localhost for IMAP instead of myserver.

I'll try these tomorrow.
Thanks very much for your help anyway.

--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
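The thread above is really asking two separate questions: does a TCP connect to 993 complete, get refused, or get no answer at all (what telnet hangs on and what nmap reports as "filtered"), and which local addresses the daemon is actually bound to (telnet to localhost succeeding while the outside world sees nothing is the classic symptom of a loopback-only bind). The following Python script is an added example, not code from the thread or from dovecot; it probes a port and classifies the result the way the tools in the thread would show it, and parses netstat LISTEN lines to list the bind addresses for a port. The netstat text embedded in it is constructed for the example.

```python
"""Reachability vs. bind-address check for a TCP service such as IMAPS on 993."""
import errno
import socket
from typing import List

# Constructed sample in the shape of `netstat -ant` output (not the thread's
# listing): 993 is bound to loopback only, 22 and 631 to wildcard addresses.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:993           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 :::631                  :::*                    LISTEN
tcp        0      0 192.168.1.149:34676     86.43.71.228:2001       ESTABLISHED
"""

def listeners_for_port(netstat_text: str, port: int) -> List[str]:
    """Return the local addresses on which `port` is in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines, udp, unix sockets
        local, state = fields[3], fields[5]
        if state != "LISTEN":
            continue
        addr, _, lport = local.rpartition(":")  # handles "::"-prefixed v6 too
        if lport == str(port):
            found.append(addr)
    return found

def reachable_externally(addrs: List[str]) -> bool:
    """True if some listener is on a wildcard address rather than loopback only."""
    return any(a in ("0.0.0.0", "::") for a in addrs)

def probe_tcp(host: str, port: int, timeout: float = 5.0) -> str:
    """Classify a connect attempt as telnet/nmap would show it:
    'open' = handshake completed, 'closed' = RST (connection refused),
    'filtered' = no reply before the timeout, typical of a firewall DROP rule."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
        return "filtered" if exc.errno in unreachable else "error"
```

Run `listeners_for_port` on the real output of `netstat -ant` (or `ss -ltn`) on the server itself, and `probe_tcp` from a host outside the firewall; a loopback-only listener with a "filtered" external probe points at the bind address, not the firewall.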